Craig White wrote: >On Fri, 2005-11-04 at 08:35 -0600, Nathaniel Hall wrote: > > >>I know this sounds like a stupid questions, but I'm gonna ask anyway. I >>would like to create a router using Fedora Core 3 (or 4) and netfilter, >>but I don't want to masquerade. Am I going to have to do SNAT and DNAT >>or is there any way I can do it without any kind of nat. >> >> >---- >it might be easier to make suggestions if it were clearer what you had >in mind. > >A router doesn't need to do NAT if the clients know where there are >going (i.e. static routes) or it very well may be a proxy server like >squid will do what you want. > >Craig > > I have a setup with multiple firewalls around my DMZ. The DMZ is addressed with legal IP addresses and the internal network is addressed with private addresses. I perform many to one NAT on the external firewall and simply route (and filter) at the internal firewall. This keeps me from having to figure out which internal IP address was NATed to which external IP address when I am looking at access logs. The internal firewall took very little setup, but it isn't netfilter. Is there any way to get FC4 to do the same? -- Nathaniel Hall, GSEC GCIA